Re: [Gen-art] [nfsv4] Genart last call review of draft-ietf-nfsv4-rpc-tls-07
Chuck Lever <chuck.lever@oracle.com> Thu, 28 May 2020 03:57 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94D023A0B90; Wed, 27 May 2020 20:57:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LAy7JH0Z0caZ; Wed, 27 May 2020 20:57:44 -0700 (PDT)
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 735B03A0B91; Wed, 27 May 2020 20:57:44 -0700 (PDT)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 04S3n79L038450; Thu, 28 May 2020 03:57:35 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=qw69/laAHDk/QdJkOy3G+m1sSsbhPomQ/fpTRNpfMrs=; b=Renin45/SJzl8LxboVgH6cvNDexm/BmzTZ7vYjFZ/OMx4z9Cxk6YtdJnyIHW9drNW4++ GPf7xoVr9GsjKDpyzb4lvINO5PsXjAg7/72rpYUqtg8DetYYBwq0l/QlvRjTBLTmQ7J4 hgHCC0e91tpPoppAc5lsVl7yjGAWPL+I4sQH8eb2wxAmdRgtcYYyjzlp/0NDRKx42JBG GvcM7ojYn04ljtnVvOyXaGA8war+FD4EW0C6kC/l8LQY3cVifkExKx6WnyRvsms/9z3g m0X7j0g7hXpIA91TgALStMInVNFrJrvF9NtSr/3lwOMzjU+yGHqvPncp87lx21oD/v4q aw==
Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by aserp2120.oracle.com with ESMTP id 318xe1jqhs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 28 May 2020 03:57:35 +0000
Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 04S3ms5o038848; Thu, 28 May 2020 03:57:34 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3030.oracle.com with ESMTP id 317ds1qtht-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 May 2020 03:57:34 +0000
Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 04S3vX6b004464; Thu, 28 May 2020 03:57:33 GMT
Received: from anon-dhcp-153.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 27 May 2020 20:57:33 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <87pnaoiwx6.fsf@hobgoblin.ariadne.com>
Date: Wed, 27 May 2020 23:57:31 -0400
Cc: gen-art@ietf.org, last-call@ietf.org, nfsv4@ietf.org, draft-ietf-nfsv4-rpc-tls.all@ietf.org
Content-Transfer-Encoding: 7bit
Message-Id: <1E8C42B7-C038-44AB-BCF9-1C0C9D02DEEE@oracle.com>
References: <87pnaoiwx6.fsf@hobgoblin.ariadne.com>
To: Dale Worley <worley@ariadne.com>
X-Mailer: Apple Mail (2.3445.104.14)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9634 signatures=668686
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 adultscore=0 suspectscore=0 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005280017
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9634 signatures=668686
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 mlxlogscore=999 adultscore=0 cotscore=-2147483648 mlxscore=0 bulkscore=0 priorityscore=1501 phishscore=0 lowpriorityscore=0 malwarescore=0 clxscore=1015 impostorscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005280017
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/9SHsRJ8iWNOVcrjvIYOpwuU7OH4>
Subject: Re: [Gen-art] [nfsv4] Genart last call review of draft-ietf-nfsv4-rpc-tls-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 03:57:46 -0000
> On May 27, 2020, at 11:02 PM, worley@ariadne.com wrote: > > Chuck Lever <chuck.lever@oracle.com> writes: >>> Somewhere in this section you need to specify the semi-obvious: >>> >>> [...] >> >> I can add something like this in Section 4.1, but note that Sections >> 5.1.1 and 5.1.2 already explain the relationships between TCP/UDP >> and TLS/DTLS, respectively. > > Hmmm, I want to answer "yes and no". I think those passages were > written with the presupposition that those relationships were already > known and specified, and the text talks *about* that relationship. > E.g., 5.1.1 qualifies the sentence with "Typically", and neither section > uses normative language. > > The point is that if you upgrade, if you start with TCP, you MUST > upgrade to TLS, and if you start with UDP, you MUST upgrade to DTLS. > Whereas it is conceivable that one could start with UDP to port 111, > discover rpc-tls support and then do a TLS connection to TCP port 111 > ("the same port") to continue. (After all, every NFS server listens on > 111 both with UDP and TCP, right?) And you have to state that > explicitly as a requirement. NFSv4 servers don't have to provide an rpcbind service on port 111 any more... but I get your point. The proposed replacement text I posted earlier today explains how it is supposed to work but does not use normative language. It needs to take another step and /require/ that a client uses the appropriate protection mechanism for the transport it wants to use. -- Chuck Lever
- [Gen-art] Genart last call review of draft-ietf-n… Dale Worley via Datatracker
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … David Noveck
- Re: [Gen-art] [nfsv4] Genart last call review of … Trond Myklebust
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … worley
- Re: [Gen-art] [nfsv4] Genart last call review of … worley
- Re: [Gen-art] [nfsv4] Genart last call review of … worley
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … worley
- Re: [Gen-art] [nfsv4] Genart last call review of … Chuck Lever
- Re: [Gen-art] [nfsv4] Genart last call review of … worley
- Re: [Gen-art] [nfsv4] Genart last call review of … Alissa Cooper